Bitcoin
Bitcoin (BTC)
$97,543.00 4.62404
Bitcoin price
Ethereum
Ethereum (ETH)
$3,125.41 0.11993
Ethereum price
BNB
BNB (BNB)
$610.34 -0.80138
BNB price
Solana
Solana (SOL)
$242.07 1.74127
Solana price
XRP
XRP (XRP)
$1.12 1.89722
XRP price
Shiba Inu
Shiba Inu (SHIB)
$0.0000239 -2.82669
Shiba Inu price
Pepe
Pepe (PEPE)
$0.0000191 -5.25299
Pepe price
Bonk
Bonk (BONK)
$0.0000509 -5.90899
Bonk price
dogwifhat
dogwifhat (WIF)
$3.10 -6.9602
dogwifhat price
Popcat
Popcat (POPCAT)
$1.52 -10.96743
Popcat price
Bitcoin
Bitcoin (BTC)
$97,543.00 4.62404
Bitcoin price
Ethereum
Ethereum (ETH)
$3,125.41 0.11993
Ethereum price
BNB
BNB (BNB)
$610.34 -0.80138
BNB price
Solana
Solana (SOL)
$242.07 1.74127
Solana price
XRP
XRP (XRP)
$1.12 1.89722
XRP price
Shiba Inu
Shiba Inu (SHIB)
$0.0000239 -2.82669
Shiba Inu price
Pepe
Pepe (PEPE)
$0.0000191 -5.25299
Pepe price
Bonk
Bonk (BONK)
$0.0000509 -5.90899
Bonk price
dogwifhat
dogwifhat (WIF)
$3.10 -6.9602
dogwifhat price
Popcat
Popcat (POPCAT)
$1.52 -10.96743
Popcat price
Bitcoin
Bitcoin (BTC)
$97,543.00 4.62404
Bitcoin price
Ethereum
Ethereum (ETH)
$3,125.41 0.11993
Ethereum price
BNB
BNB (BNB)
$610.34 -0.80138
BNB price
Solana
Solana (SOL)
$242.07 1.74127
Solana price
XRP
XRP (XRP)
$1.12 1.89722
XRP price
Shiba Inu
Shiba Inu (SHIB)
$0.0000239 -2.82669
Shiba Inu price
Pepe
Pepe (PEPE)
$0.0000191 -5.25299
Pepe price
Bonk
Bonk (BONK)
$0.0000509 -5.90899
Bonk price
dogwifhat
dogwifhat (WIF)
$3.10 -6.9602
dogwifhat price
Popcat
Popcat (POPCAT)
$1.52 -10.96743
Popcat price
Bitcoin
Bitcoin (BTC)
$97,543.00 4.62404
Bitcoin price
Ethereum
Ethereum (ETH)
$3,125.41 0.11993
Ethereum price
BNB
BNB (BNB)
$610.34 -0.80138
BNB price
Solana
Solana (SOL)
$242.07 1.74127
Solana price
XRP
XRP (XRP)
$1.12 1.89722
XRP price
Shiba Inu
Shiba Inu (SHIB)
$0.0000239 -2.82669
Shiba Inu price
Pepe
Pepe (PEPE)
$0.0000191 -5.25299
Pepe price
Bonk
Bonk (BONK)
$0.0000509 -5.90899
Bonk price
dogwifhat
dogwifhat (WIF)
$3.10 -6.9602
dogwifhat price
Popcat
Popcat (POPCAT)
$1.52 -10.96743
Popcat price

Lazarus Group intensifies attacks on crypto browser extensions: Group-IB

lazarus-group-intensifies-attacks-on-crypto-browser-extensions-group-ib
Edited by
News
Lazarus Group intensifies attacks on crypto browser extensions: Group-IB

Lazarus Group intensifies its cyber assault on crypto market, deploying sophisticated malware through fake video apps and expanding its targeting of browser extensions.

The notorious North Korean hacking gang Lazarus Group, known for its sophisticated cyber campaigns against the crypto industry, is ramping up its efforts to target crypto professionals and developers. The group has introduced new malware variants and expanded its focus to include video conferencing applications, according to a recent research report by Group-IB, a cybersecurity firm.

In 2024, Lazarus expanded its attacks with the “Contagious Interview” campaign, deceiving job seekers into downloading malware disguised as job-related tasks. The scheme now features a fake video conferencing app called “FCCCall” that mimics real software and installs the BeaverTail malware, which then deploys the Python-based backdoor “InvisibleFerret.”

“The core functionality of BeaverTail remains unchanged: it exfiltrates credentials from browsers, and data from cryptocurrency wallets browser extension.”

Group-IB

Group-IB researchers have also identified a new suite of Python scripts dubbed “CivetQ” as part of Lazarus’s evolving toolkit. The group’s tactics now include using Telegram for data exfiltration and expanding their reach to gaming-related repositories, trojanizing Node.js-based projects to spread their malware.

“After making initial contact, they would often attempt to move the conversation onto Telegram, where they [hackers] would then ask the potential interviewees to download a video conferencing application, or a Node.js project, to perform a technical task as part of the interview process.”

Group-IB

Lazarus’s latest campaign highlights their increasing focus on crypto wallet browser extensions, analysts at Group-IB emphasize, adding that the bad actors are now targeting a growing list of applications including MetaMask, Coinbase, BNB Chain Wallet, TON Wallet, and Exodus Web3, among others.

The group has also developed more sophisticated methods to obscure their malicious code, making detection more challenging.

The escalation mirrors broader trends highlighted by the FBI, which has recently cautioned that North Korean cyber actors are targeting employees in decentralized finance and cryptocurrency sectors with highly specialized social engineering campaigns. According to the FBI, these sophisticated tactics are crafted to penetrate even the most secure systems, representing an ongoing threat to organizations with substantial crypto assets.